Out-of-Bounds Access Vulnerability in Linux Kernel Affecting Certificate Parsing
CVE-2026-31430

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 20 April 2026

What is CVE-2026-31430?

A vulnerability has been identified in the Linux kernel, which allows an unprivileged user to trigger an out-of-bounds access when parsing certificates with empty Basic Constraints or Key Usage extensions. This occurs because the kernel reads the first byte of the extension without validating its length. By submitting a specifically crafted certificate via the keyrings API, a malicious user can exploit this flaw. This issue has been responsibly disclosed and fixed to mitigate potential exploitation.

Affected Version(s)

Linux 30eae2b037af54b24109dcaea21db46f6285c69b < 672b526def1f94c1be8eb11b885b803da0d8c2f1

Linux 30eae2b037af54b24109dcaea21db46f6285c69b < 30ab358fad0c7daa1d282ec48089901b21b36a20

Linux 30eae2b037af54b24109dcaea21db46f6285c69b < 206121294b9cf27f0589857f80d64f87e496ffb2

References

https://git.kernel.org/stable/c/672b526def1f94c1be8eb11b8...

https://git.kernel.org/stable/c/30ab358fad0c7daa1d282ec48...

https://git.kernel.org/stable/c/206121294b9cf27f0589857f8...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 20, 2026
Vulnerability Reserved
Mar 9, 2026

CVE-2026-31430 Data

JSON